Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

abort processing of the request

Avatar

Level 4
Hey there,
 
how do I block/abort processing of the request using  sling filter.
 
Thanks
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

Hi @anelem1760873!

 

Usually, you would include your filter into the filter chain and override the doFilter() method as @bilal_ahmad outlined in his code example.

Depending on your understanding of how to "block/abort" the request, you could do one of the following:

  • Check for the right condition and send an appropriate HTTP response (e. g. 404 Not Found or any other 4xx or 5xx code that makes sense for your use case) - exactly what @bilal_ahmad mentioned. You can find a simple example of a LoggingFilter [1] in the AEM Maven Archetype [2].
  • Proceed with request processing but skip any additional filters. Probably not what you are looking for.
  • Stop processing all together and not even waste additional computing resources by sending any kind of response. You probably don't want to do that as this may lead to unexpected results.

If your use case is really about blocking and/or dropping incoming requests (e. g. as a protective measure against DoS/DDoS, unwanted crawlers or other clients, etc.) my suggestion would be to stop them at an earlier stage. You could leverage some kind of web application firewall (WAF). Sometimes certain modules for Apache HTTPD do the job (mod_security [3], mod_qos [4] or for simple cases even mod_rewrite [5]).

 

[1] https://github.com/adobe/aem-project-archetype/blob/develop/src/main/archetype/core/src/main/java/co...

[2] https://experienceleague.adobe.com/docs/experience-manager-core-components/using/developing/archetyp...

[3] https://github.com/SpiderLabs/ModSecurity/wiki

[4] http://mod-qos.sourceforge.net/

[5] https://httpd.apache.org/docs/current/mod/mod_rewrite.html

View solution in original post

2 Replies

Avatar

Level 5

Hey @anelem1760873 you can write something this sort in the doFilter() method:

if (resource.getPath().startsWith("/content/pathToBlock/")) {
    if (<right condition>)) {
        <YOUR BUSINESS LOGIC>
    } else {
        slingResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
    }
    return;
}


Thanks,

Bilal.

Avatar

Correct answer by
Employee Advisor

Hi @anelem1760873!

 

Usually, you would include your filter into the filter chain and override the doFilter() method as @bilal_ahmad outlined in his code example.

Depending on your understanding of how to "block/abort" the request, you could do one of the following:

  • Check for the right condition and send an appropriate HTTP response (e. g. 404 Not Found or any other 4xx or 5xx code that makes sense for your use case) - exactly what @bilal_ahmad mentioned. You can find a simple example of a LoggingFilter [1] in the AEM Maven Archetype [2].
  • Proceed with request processing but skip any additional filters. Probably not what you are looking for.
  • Stop processing all together and not even waste additional computing resources by sending any kind of response. You probably don't want to do that as this may lead to unexpected results.

If your use case is really about blocking and/or dropping incoming requests (e. g. as a protective measure against DoS/DDoS, unwanted crawlers or other clients, etc.) my suggestion would be to stop them at an earlier stage. You could leverage some kind of web application firewall (WAF). Sometimes certain modules for Apache HTTPD do the job (mod_security [3], mod_qos [4] or for simple cases even mod_rewrite [5]).

 

[1] https://github.com/adobe/aem-project-archetype/blob/develop/src/main/archetype/core/src/main/java/co...

[2] https://experienceleague.adobe.com/docs/experience-manager-core-components/using/developing/archetyp...

[3] https://github.com/SpiderLabs/ModSecurity/wiki

[4] http://mod-qos.sourceforge.net/

[5] https://httpd.apache.org/docs/current/mod/mod_rewrite.html